A malicious user may be able to manipulate SQL queries to read
or modify records in the database. This could also make it
possible to gain additional permissions (e.g. administrator
permissions).

To exploit this vulnerability, the malicious user needs to have
a valid agent or customer session.

This advisory covers vulnerabilities discovered in the OTRS core
system. Due to the XSS vulnerability in Internet Explorer, an attacker could send
a specially prepared HTML email to OTRS which would cause JavaScript code to be
executed in your Internet Explorer while displaying the email.

A malicious user may be able to manipulate SQL queries to read
or modify records in the database. This could also make it
possible to gain additional permissions (e.g. administrator
permissions).

To exploit this vulnerability, the malicious user needs to have
a valid agent or customer session.

This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variant of the XSS vulnerability, where an attacker could
send a specially prepared HTML email to OTRS which would cause JavaScript code
to be executed in your browser while displaying the email in Firefox and Opera.
In this case, this is achieved with an invalid HTML structure with nested tags.

This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variant of the XSS vulnerability, where an attacker could
send a specially prepared HTML email to OTRS which would cause JavaScript code
to be executed in your browser while displaying the email. In this case, this is
achieved by using JavaScript source attributes containing whitespace.